A Caldicott Guardian is a senior person responsible for protecting the confidentiality of patient and service-user information and enabling appropriate information sharing.
Dr Kate Wright Medical Director is Powys Teaching Health Board's Caldicott Guardian.
She acts as the 'conscience' of PTHB by supporting work to enable information sharing and advising on options for lawful and ethical processing of information.
Email: Caldicott.GuardianPTHB@wales.nhs.uk
Each NHS organisation is mandated to have a Caldicott Guardian, as are Councils with Social Services responsibilities, and partner organisations. The Guardian plays a key role in satisfying the highest practical standards for handling patient indentifiable information.
The Caldicott Guardian is a strategic role, which involves representing and championing Information Governance requirements and issues at Board level. Further information is available from the UK Caldicott Guardian Council - GOV.UK
The term used to describe how organisations and individuals manage the way information is handled within the health and social care system is 'information governance'. In 1997, there was a Review of the Uses of Patient Identifiable Information, chaired by Dame Fiona Caldicott. This review devised six general principles of information governance that could be used by all health and social care organisations with access to patient information. These are known as the 'Caldicott Principles'.
In January 2012, the NHS Future Forum work stream on information recommended a review. This was "to ensure an appropriate balance between the protection of patient information, and the use and sharing of information to improve patient care".
The Government accepted this recommendation and asked Dame Fiona to lead the work, which became known as the Caldicott 2 review. As part of that review, a seventh principle was added to the original principles.
In December 2020 and 8th principle has been added. For further information, please visit the The Caldicott Principles - GOV.UK
Good information sharing is essential for providing safe and effective care within the Health Board. There are also important uses of information for purposes other than individual care, Secondary Care uses. These contribute to the overall delivery of health, social care or to service wider public interests.
The principles below apply to the use of personal and confidential information within the Health Board. These are also applied when such information is shared with other organisations and between individuals, both for individual care and for other purposes.
Personal and confidential information within the Health Board, collected for health and social care, must be kept private. The principles should be applied to all data where patients and service users can be identified. This may include for instance, details about symptoms, diagnosis, treatment, names and addresses. In some instances, the principles should also be applied to the processing of staff information.
The principles are primarily intended to guide organisations and their employees. However, it should be remembered that patients, services users and / or their representatives should be included as active partners in the use of confidential information.
Caldicott Guardian approval must always be sought for the secondary processing of patient personal and confidential information. This means where it is intended for use for a purpose other than the delivery of direct care.
Examples of this are:
Where a novel and / or difficult judgement or decision is required, it is advisable to involve a Caldicott Guardian.
Principle 1. Justify the purpose(s) for using confidential information
Every proposed use or transfer of personal confidential data within or from an organisation should be clearly defined, scrutinised and documented, with continuing uses regularly reviewed, by an appropriate guardian.
Principle 2. Don't use personal confidential data unless it is absolutely necessary
Personal confidential data items should not be included unless it is essential for the specified purpose(s) of that flow. The need for patients to be identified should be considered at each stage of satisfying the purpose(s).
Principle 3. Use the minimum necessary personal confidential data
Where use of personal confidential data is considered to be essential, the inclusion of each individual item of data should be considered and justified so that the minimum amount of personal confidential data is transferred or accessible as is necessary for a given function to be carried out.
Principle 4. Access to personal confidential data should be on a strict need-to-know basis
Only those individuals who need access to personal confidential data should have access to it, and they should only have access to the data items that they need to see. This may mean introducing access controls or splitting data flows where one data flow is used for several purposes.
Principle 5. Everyone with access to personal confidential data should be aware of their responsibilities
Action should be taken to ensure that those handling personal confidential data - both clinical and non-clinical staff - are made fully aware of their responsibilities and obligations to respect patient confidentiality.
Principle 6. Comply with the law
Every use of personal confidential data must be lawful. Someone in each organisation handling personal confidential data should be responsible for ensuring that the organisation complies with legal requirements.
Principle 7. The duty to share information can be as important as the duty to protect patient confidentiality
Health and social care professionals should have the confidence to share information in the best interests of their patients within the framework set out by these principles. They should be supported by the policies of their employers, regulators and professional bodies.
Principle 8. Inform patients and service users about how their confidential information is used
A range of steps should be taken to ensure no surprises for patients and service users, so they can have clear expectations about how and why their confidential information is used, and what choices they have about this. These steps will vary depending on the use: as a minimum, this should include providing accessible, relevant and appropriate information - in some cases, greater engagement will be required.